Cities Exposed in Shodan

Shodan Reveals Exposed Cyber Assets

Using Shodan data, the Trend Micro Forward-looking Threat Research (FTR) team assessed which types of cyber assets found in cities across the globe are the most exposed. When a cyber asset like a webcam or a printer is searchable, threat actors can look for means to compromise the device or find out whether the device itself or its software version is known to be vulnerable. Affected parties can use the results of our research to justify investments such as the implementation of the necessary security measures that will better protect their data and assets from future compromise.

What is Shodan?

Shodan is an online search engine that catalogs cyber assets or internet-connected devices. Shodan finds and lists devices and systems such as webcams, baby monitors, medical equipment, industrial control system (ICS) devices, home appliances, and databases, among others. Shodan collates and makes searchable both device metadata and banner information that internet-connected devices and systems are freely sharing over the public internet—and with anyone who queries them.

What are exposed cyber assets?

We define “exposed cyber assets” as internet-connected devices and systems that are discoverable on Shodan or similar search engines, and can be accessed via the public internet. When a certain device or protocol is exposed, it does not necessarily mean that the cyber asset is automatically vulnerable or compromised.

However, since an exposed device is searchable and visible to the public, attackers can take advantage of the available information on Shodan in order to mount an attack. For instance, an attacker may check if the associated software of a device is vulnerable, or if the admin console’s password is easy to crack.

Cities Exposed Worldwide

We have looked at different developed countries in the world to see whether exposure levels differ across countries and in what ways. We have been able to analyze the exposed cyber assets in the United States, Western Europe as a region, the United Kingdom, France, and Germany. Click on the thumbnails to access the PDF reports.

Western European Cities Exposed New

We presented data on exposed cyber assets in the top 10 most populous cities in Western Europe—London, Berlin, Athens, Madrid, Rome, Paris, Stockholm, Oslo, Amsterdam and Lisbon. London and Berlin had more than 2.5 million exposed systems while Amsterdam and Madrid had numbers in the region of a million.

United Kingdom Cities Exposed New

We presented data on exposed cyber assets in the top 10 most populous cities in the United Kingdom—London, Manchester, Birmingham-Wolverhampton, Leeds-Bradford, Glasgow, Liverpool, Southampton-Portsmouth, Newcastle Upon Tyne-Sunderland, Nottingham, and Sheffield. London had the most number of exposed cyber assets in the U.K.―a little over 2.5 million. Manchester followed with around 320,000 and Glasgow with around 160,000.

French Cities Exposed New

We presented data on exposed cyber assets in the top 10 most populous cities in France—Paris, Marseille, Lyon, Toulouse, Nice, Nantes, Strasbourg, Montpellier, Bordeaux, and Lille. Paris had the most number of exposed cyber assets (around 400,000), followed by Marseille and Lyon (around 32,000 and 26,000 respectively).

German Cities Exposed New

We presented data on exposed cyber assets in the top 10 most populous cities in Germany—Berlin, Hamburg, Munich, Cologne, Frankfurt, Stuttgart, Duesseldorf, Dortmund, Essen, and Leipzig. Berlin had the most number of exposed cyber assets at around 3 million followed by Frankfurt (1.9 M).

US Cities Exposed

We presented data on exposed cyber assets in the top 10 largest U.S. cities by population—New York City, Los Angeles, Chicago, Houston, Philadelphia, Phoenix, San Antonio, San Diego, Dallas, and San Jose. Los Angeles, Houston, Chicago, and Dallas each had more than 2 million exposed cyber assets that make them vulnerable to exploitation and compromise.

Lastly, we also went into detail about what home office owners and enterprise network defenders can do to safeguard their networks from attacks that different threat actors can launch.

Disclaimer

At no point during the research did we perform any scanning or attempt to access any of the internet-connected devices and systems. All published data, including screenshots, were collected via Shodan. Note that any mention of brands in this research does not suggest any issue with the related products but only that they are searchable in Shodan.

Furthermore, the analysis was done using February 2017 data, so given the fluid nature of the internet, the actual state of exposure may change.

2019 SECURITY PREDICTIONS

Our security predictions for 2019 are based on our experts’ analysis of the progress of current and emerging technologies, user behavior, and market trends, and their impact on the threat landscape.View the 2019 Security Predictions

2018 MIDYEAR SECURITY ROUNDUP

A review of the first half of 2018 shows a threat landscape that not only has constant and familiar features but also has morphing and uncharted facets: Ever-present threats steadily grew while emerging ones used stealth. View the 2018 Midyear Security Roundup